[OpenAFS] Redux: Linux: systemctl --user vs. AFS
spacefrogg-openafs@spacefrogg.net
spacefrogg-openafs@spacefrogg.net
Sat, 14 Aug 2021 11:18:25 +0000 (UTC)
We use heimdal's kinit etc. So they may work different. We also noticed tha=
t behaviour of randomized ticket caches on Ubuntu machines. So this may be =
special to them to "improve security".
In addition, we needed to patch openssh, as it has its own way of determini=
ng the cache file location.
In general, it is not safe to have ticket caches in a world-writable locati=
on, but KEYRING also had security troubles in the past. This is why we chos=
e to use sssd to create the ticket caches for the users under /run.
=E2=80=93Michael